(Round Table) Shadow IT Risks And Controls : Managing The Unknown Unknowns In Deep & Dark Web

We were happy to participate in a community round table organized by CISO Platform

Key Discussion Points : 

• What is Shadow IT?
• What are the types of Shadow IT?
• Practical demo using open source tools
• Controls to manage shadow IT risk

Reason Of Risk : 

• No standardization
• Unknown risks
• Security breaches
• Data leaks

Types Of Risks :

• Third party email service
• Third party applications – whatspp, box
• Unknown assets
• Custom applications / individual built applications / scripts
• Database
• Cloud Buckets, S3
• Github ..online code repository
• Online Free tools / SaaS
• API
• Owner change of assets (person has left)
• Data in non electronical/ Physical forms
• Shadow accounts/privileges
• Shared / Leaked / Default / Weak / Written down passwords
• Backdoors
• IoT
• Rogue devices
• BYOD
• CCTV – source and data destination; set-top box
• 3rd party
• 4th party
• Supply chain

(PPT) Presentation from the discussion : 

Priyanka Aash

Priyanka has 10+ years of experience in Strategy, Community Building & Inbound Marketing and through CISO Platform has earlier worked with marketing teams of IBM, VMware, F5 Networks, Barracuda Network, Checkpoint, and more. Priyanka is passionate about Entrepreneurship and Enterprise Marketing Strategy. Earlier she co-founded CISO Platform- the world’s 1st online platform for collaboration and knowledge sharing among senior information security executives.